The Notebook Review forums were hosted by TechTarget, which shut them down on January 31, 2022. This static read-only archive was pulled by NBR forum users between January 20 and January 31, 2022, in an effort to make sure that the valuable technical information that had been posted on the forums is preserved. For current discussions, many NBR forum users moved over to NotebookTalk.net after the shutdown.

    Infected with the same virus 3 times.

    Discussion in 'Security and Anti-Virus Software' started by davidt1, Feb 18, 2011.

  1. davidt1 (Notebook Evangelist)

    It's the one that takes over and prevents access to applications and the hard drive and tells you your computer has been infected. I have the latest MS security suite, which fails to find this virus during a complete scan.

    I booted in Safe Mode, but the backup software I use does not work in Safe Mode. So booting to safe mode was useless. I had to use a cloned hard drive each time.

    Any free security software out there that can catch this kind of virus?
     
  2. Voodooi (AFK for a while...)

    Try:
    AVG Internet Security (30-Day Free) or AVG Free
    MalwareBytes

    These two combined have always worked excellently for me.

    Let us know the results, and if you still have issues, I'm sure other posters will have additional freeware that may help.

    Worst case scenario is you'll have to reformat. If that's the case, I suggest using from the start: AVG, MalwareBytes, Firefox w/AdBlockPlus, NoScript, WOT and McAfee SiteAdvisor ...you can get all of them free of course. AVG Internet Security has extra layers of protection; however, it's around $20 on Purplus for 1 year.

    =)
     
  3. olyteddy (Notebook Deity)

    Try not clicking on the stupid 'Click here to proceed' button...
     
  4. davidt1 (Notebook Evangelist)

    I don't think there was any button to click. Almost happened twice again. This virus will cause Firefox to crash first, then it takes over. I have learned that if I shut off the power the moment Firefox stops working, then everything is OK.
     
  5. maksin01 (Notebook Deity)

    +1

    Against this kind of malware nothing is better than Malwarebytes' Anti-Malware imo. :)
     
  6. Baserk (Notebook user)

    You might want to install the Firefox add-on AdBlockPlus.
    This add-on will block most ads and therefore will also block any ads that have been 'infected' with a trojan, due to a compromised/hacked ad server.

    Next time when a malicious popup appears, do not shut off the power.
    Use ctrl+alt+del and then stop/kill the firefox process.
     
  7. davidt1 (Notebook Evangelist)

    Installed AdBlockPlus. It works. Thanks for the suggestions.
     
  8. Voodooi (AFK for a while...)

    Don't forget NoScript, McAfee SiteAdvisor and WOT ...with Firefox.

    Even if it "works again", the virus is still there.

    At least try what I suggested or it's only a matter of time until your personal information is stolen. ;) AVG Free and Malwarebytes take 5 minutes to install/update. Then you can scan using both and find the culprit.
     
  9. gerryf19 (I am the walrus)

    These fly-by infections you are experiencing are almost always easy to remove.

    Antivirus programs don't do it because the file is randomly named--an antivirus program works mostly on definitions--if a randomly named file is not in the AV program's definition database, it will not be removed.

    Most have heuristic detection, but once you are infected, these fly-by infections typically load before the AV and disable it.

    So, the solution is: system restore.

    All of these programs no matter what they are have to start. System Restore will set your computer back to a time before the malware inserted itself into your startup routine, thus, once you reboot from a system restore the malware will not be running.

    This works in at least 90 percent of the cases.

    Now, a couple of the worst ones actually disable system restore, and a few will lay a rootkit on your drive, but these are relatively few in number. I have restored many machines simply by running system restore.

    If you check your running processes before running system restore, you can usually determine where the offending malware is located, which are in a handful of places.

    After system restore, you can go in and delete the offending files.

    In case I have not made this clear: SYSTEM RESTORE is your friend. Do not turn it off. I will from time to time run into someone who disabled it because it was using too much harddrive space and that makes repairing these things a more complicated process, but for most people system restore is your first course of action.
     
  10. flipfire (Moderately Boss)

    +1 System Restore works quite well for this type of virus.

    I've had a few computers in the office get infected by it, and I just do a system restore.

    I agree: do NOT disable System Restore or shadow copy. It will save you one day.
     
  11. Pirx (Notebook Virtuoso)

    Slow learner, eh? Pray tell, why do you insist on visiting the same malicious websites over and over again? My guess is you're also running with administrative privileges, and UAC turned off. If that is the case, you can't be helped. Enjoy your viruses. :cool:

    As an aside, there is no such thing as a "drive-by infection", at least not on a properly maintained and configured system. On such a system, software does not and cannot install itself, silently. Almost all those, hmm, specialists that manage to get infected this way do so simply by installing their virus themselves.
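Pirx's guess (an administrator account with UAC switched off) is something you can check rather than argue about. The script below is an added example, not anything posted in this thread: it reports whether the current process already holds an administrator token and reads the UAC settings from the registry. The interpretation at the end, and the thresholds it uses, are my assumptions about what each combination means, not statements from the posts.

```powershell
# Added example (not from the thread): is this session the configuration Pirx
# describes, i.e. a browser that would run with full administrator rights and
# no UAC prompt? Run in Windows PowerShell from the account you browse with.

$identity  = [Security.Principal.WindowsIdentity]::GetCurrent()
$principal = New-Object Security.Principal.WindowsPrincipal($identity)
# True only when this process's token is actually elevated. With UAC on, an
# admin account's everyday shell (and its browser) holds a filtered token and
# this returns False; with UAC off, an admin account is elevated everywhere.
$elevated = $principal.IsInRole([Security.Principal.WindowsBuiltInRole]::Administrator)

$uacKey = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System'
$uac = Get-ItemProperty -Path $uacKey
$enableLua   = [int]$uac.EnableLUA                    # 1 = UAC on, 0 = UAC off
$adminPrompt = [int]$uac.ConsentPromptBehaviorAdmin   # 0 = elevate silently, 2/5 = prompt
$secureDesk  = [int]$uac.PromptOnSecureDesktop        # 1 = prompt on the secure desktop

[pscustomobject]@{
    User                       = $identity.Name
    ProcessElevated            = $elevated
    EnableLUA                  = $enableLua
    ConsentPromptBehaviorAdmin = $adminPrompt
    PromptOnSecureDesktop      = $secureDesk
} | Format-List

# Interpretation: assumed reading of the values above, not a rule from the posts.
if ($enableLua -eq 0 -and $elevated) {
    Write-Warning 'UAC is off and this account is an administrator: every program you start, the browser included, runs with full admin rights.'
} elseif ($enableLua -eq 1 -and $adminPrompt -eq 0) {
    Write-Warning 'UAC is on but elevates administrators without prompting (ConsentPromptBehaviorAdmin=0): anything that asks for elevation gets it silently.'
} elseif ($elevated) {
    Write-Warning 'This shell is elevated; do not run a browser from it.'
} else {
    Write-Host 'Filtered token and UAC prompting: the configuration Pirx is asking for.'
}
```

If the first warning fires, the fix is the one implied in the post: turn UAC back on (EnableLUA=1, then reboot) and do day-to-day browsing from a standard user account, keeping the administrator account for installs only.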
     
  12. h0bbes (Notebook Geek)

    Not sure if this is the same virus as the one a friend of mine had at university. The one I dealt with yesterday changed the background and asks you to pay to get rid of the "viruses". It won't let you go to the task manager etc., and we couldn't boot the uni computer to safe mode.

    Anyway, I read on the internet that the virus had a folder in the Application Data of Documents and Settings (All Users). The folder name etc. is a random name and it won't let you delete it. I renamed everything and deleted 1 file (not the .exe). The virus never came back and we were able to do a scan disk after that to clear everything.
     
  13. ssssssssss (Notebook Evangelist)

    System Restore is inadvisable as rolling back will not remove every virus.

    Best option is to set up your computer from a clean install or manufacturer's recovery image, install all your favoured software and run updates, then take a disk image using Macrium Reflect or similar. If you manage to fill your computer with malware it's only an hour or two's work to restore the image. (if you only have one hard drive, it's wise to partition it into two for boot & data drives)

    An even better option, if you have a reasonably new PC, is just to use a VM to surf the internet...

    Define 'properly maintained and configured'.

    Every currently available web browser is vulnerable to a multitude of XSS & similar vectors, until you install third-party utilities to restrict such functionality.
     
  14. Zeptinune (Notebook Evangelist)

    If the OP is still experiencing the problem try my idea/solution.

    Format your computer and only back up essential things like pictures and what-not. If you have gotten this virus 3 times already I'd suspect that you have done a few formats and re-installs, so do it again. Then follow the steps below. [If you actually do a format, then you may not get the warnings about viruses, but in this case you shouldn't get them again.]

    Start - Run - type 'msconfig.exe' (without quotes) - Startup tab. Uncheck anything that looks suspicious. Do a Google search if you aren't sure.

    Use another computer and download Avast! Free Antivirus, Malwarebytes Anti-Malware and Spybot S&D.

    Transfer the installers to a USB drive or pen drive or even a CD.

    Install all the programs on the infected computer. (Remember to restart when asked.)

    With Avast! you'll probably get a few pop-ups that your computer is infected. Just tell it to clean/delete the infected files. If you don't, just do a full scan. Be patient (you want your computer to work, right?) and go on to the next step.

    Do a scan with Malwarebytes first and delete anything it finds that is bad.

    Then do a scan with Spybot; it'll take a long time, as it has a pretty big library of possible infections and the scanning engine is slow.

    Delete anything it finds as well.

    Restart and you should be fine.

    As for reference and explanation purposes: System Restore won't remove viruses, but it can help to get you back to a time where you can at least try and remove the infection. However, a format and a 'try again' of the above would be better.

    If the other suggestions didn't work, try mine.
     
  15. mourningstar62 (Notebook Geek)

    Doing a system restore will not get rid of the problem; you need to use some sort of malware remover, e.g. Malwarebytes or Spybot. Just something to get rid of the infected files on your computer.
     
  16. gerryf19 (I am the walrus)

    It amazes me how little people really know about computers and how paranoid things have become.

    System restore will indeed solve many (not all) virus issues.

    All programs and services need to start in some way. This is accomplished in multiple ways, but most of these fly-by virus attacks are through registry settings.

    System Restore replaces the current registry with a registry from a previous time, prior to the virus's startup settings being added to the registry; therefore on reboot the virus does not start.

    It's as simple as that--for the most part.

    Yes, the file is still on your computer, but it might as well be a text file since it is not running.

    Now, does this stop EVERY malware infection?

    No. Rootkits that inject themselves into a system driver like atapi.sys will run regardless of System Restore. Some viruses will disable System Restore. Some viruses will infect the MBR. Some will run from old legacy Windows locations (startup folders, win.ini or system.ini, autoexec.bat).

    Lord knows I have grappled with just about every type of virus in the last 20 years, but to dismiss System Restore without any knowledge of the actual virus is the height of computer ignorance.

    Reformats are sometimes, but rarely, necessary and are generally pushed by people who know just enough about computers to be dangerous.
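gerryf19's two posts (9 and 16) keep coming back to the same point: the scareware has to start from somewhere, and that somewhere is one of a handful of autostart locations. The script below is an added example written for this thread, not code from any post or product mentioned in it. It walks the Run/RunOnce keys and the two Startup folders gerryf19 names, plus the Winlogon Shell/Userinit values, and reports entries that look like what h0bbes found: a randomly named executable sitting under Application Data, ProgramData or a temp folder, without a valid Authenticode signature. The directory list, the random-name heuristic and the Winlogon default patterns are my triage assumptions, not definitions from the posts. Run it from an elevated Windows PowerShell 5.1 prompt, before the System Restore to see what you are dealing with, and again afterwards to find the files that are left to delete.

```powershell
# Added example for this thread, not code from any post or product named above.
# Enumerates common Windows autostart locations and flags entries that look
# like a fly-by scareware dropper. All heuristics are assumptions for triage.
# Run in an elevated Windows PowerShell 5.1 prompt.

$runKeys = @(
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run',
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce',
    'HKLM:\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run',
    'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run',
    'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce'
)
$startupDirs = @(
    [Environment]::GetFolderPath('Startup'),        # this user's Startup folder
    [Environment]::GetFolderPath('CommonStartup')   # All Users Startup folder
)
# Directories a legitimate autostart entry rarely points into (assumed list).
$suspectDirs = @($env:APPDATA, $env:LOCALAPPDATA, $env:ProgramData, $env:TEMP) |
    Where-Object { $_ } | ForEach-Object { $_.TrimEnd('\') }

function Get-ExePath([string]$command) {
    # Extract the executable from a Run value such as:  "C:\...\abcd1234.exe" /s
    if ($command -match '^\s*"([^"]+)"') { return $Matches[1] }
    return ($command -split '\s+')[0]
}

function Test-Suspect([string]$exe) {
    $reasons = @()
    if (-not $exe) { return @('empty command') }
    $path = [Environment]::ExpandEnvironmentVariables($exe)
    foreach ($d in $suspectDirs) {
        if ($path.StartsWith($d, [StringComparison]::OrdinalIgnoreCase)) {
            $reasons += "under $d"; break
        }
    }
    # Assumed heuristic for the random names gerryf19 mentions: 6+ alphanumerics
    # that are either pure hex or contain no vowel at all.
    $name = [IO.Path]::GetFileNameWithoutExtension($path)
    if ($name -match '^[a-z0-9]{6,}$' -and
        ($name -match '^[0-9a-f]+$' -or $name -notmatch '[aeiou]')) {
        $reasons += 'random-looking name'
    }
    if (Test-Path -LiteralPath $path) {
        $sig = Get-AuthenticodeSignature -FilePath $path -ErrorAction SilentlyContinue
        if (-not $sig -or $sig.Status -ne 'Valid') { $reasons += "signature $($sig.Status)" }
    } else {
        $reasons += 'target missing'
    }
    return $reasons
}

$findings = @()
function Add-Finding($where, $name, $target) {
    $why = Test-Suspect $target
    if ($why) {
        $script:findings += [pscustomobject]@{
            Where = $where; Name = $name; Target = $target; Why = ($why -join '; ')
        }
    }
}

foreach ($key in $runKeys) {
    if (-not (Test-Path $key)) { continue }
    foreach ($p in (Get-ItemProperty -Path $key).PSObject.Properties) {
        if ($p.Name -like 'PS*') { continue }   # PSPath, PSProvider etc. are not values
        Add-Finding $key $p.Name (Get-ExePath ([string]$p.Value))
    }
}
$shell = New-Object -ComObject WScript.Shell
foreach ($dir in $startupDirs) {
    if (-not $dir -or -not (Test-Path -LiteralPath $dir)) { continue }
    foreach ($f in Get-ChildItem -LiteralPath $dir -File) {
        $target = $f.FullName
        if ($f.Extension -eq '.lnk') { $target = $shell.CreateShortcut($f.FullName).TargetPath }
        Add-Finding $dir $f.Name $target
    }
}
# Winlogon values: anything but the defaults means the logon shell itself was replaced.
$wl = Get-ItemProperty 'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon'
if ($wl.Shell -ne 'explorer.exe') {
    $findings += [pscustomobject]@{ Where = 'Winlogon'; Name = 'Shell'; Target = $wl.Shell; Why = 'not explorer.exe' }
}
if ($wl.Userinit -notmatch '^[a-z]:\\windows\\system32\\userinit\.exe,?$') {
    $findings += [pscustomobject]@{ Where = 'Winlogon'; Name = 'Userinit'; Target = $wl.Userinit; Why = 'not the default userinit.exe' }
}

$findings | Format-Table -AutoSize
```

Expect some noise: unsigned third-party tools in Program Files will show up with "signature NotSigned", and a command that goes through rundll32.exe is reported for rundll32 rather than for the DLL it loads. The entries to act on are the ones that combine a profile or temp directory with a random name, which is exactly the pattern the posts describe; those are the files to rename or delete once the restore has stopped them running.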
     
  17. ssssssssss (Notebook Evangelist)

    That is exactly what most people were saying (true that they, including I, were approaching it from the 'it's not guaranteed to solve everything' angle rather than the 'it's usually alright' angle, but the statements are equivalent), but you then seem to spend the rest of your post trying to pick an argument with them?

    I do IT support for selected friends & family only these days (my years of helldesk have scarred me to the extent that I really dislike doing it for free!), but whenever I reformat a computer for someone, I install all their stuff, then take a disk image & save it on my server.

    Then the next time they install every type of malware under the sun and bring their computer back to me because it's 'a bit slow', I back up docs/nuke & pave/restore docs. This takes far less time than trying to ascertain what sort of virus it is, whether System Restore will be suitable in this case, trying to remove all the irritating little traces it might've left...

    That'll be why nobody ever uses disk imaging in enterprise IT then?

    (if we're getting pompous, I've been building, repairing and programming various sorts of computers for closer to thirty years than twenty, as if that makes any bloody difference to the subject under discussion :rolleyes: )
     
  18. gerryf19 (I am the walrus)

    ss.....

    We're not talking about imaging here, although I almost mentioned your post and said, "yes, creating an image is never a bad idea."

    If you're a corporate IT department and haven't adequately prepared yourself, then shame on you.

    This is not about that. These forums and the thousands like it across the internet are visited by a different population. 90 percent of them can turn a computer on, surf the internet and check their email; maybe half of them can install a program and 20 percent of them can install a printer. 7 percent of those who come here give knee jerk responses that generally result in suggestions to download malware program x,y,z or "reformat your drive and reinstall everything over the next 2 weeks." 3 percent have a solid understanding of computers and how they work.

    Since you mentioned "imaging" I'll put you in the 3 percent.

    However, most people don't have the foresight to do this--heck, if you have been hanging around computers as long as you say, you also know most people do not keep back ups, lose their installation disks, leave files in all kinds of odd places, etc.

    Reformats by the typical person (not you) almost always result in a cleaner running computer, but lost data and programs that can never be recovered. I have no problem with people reformatting their own computers; what I object to is recommending reformatting as the first course of action.

    The people who recommend them (reformats not imaging) typically are people who know their OWN systems well enough to at least not care if they lose something. The people who are here on this forum or on forums like it are GENERALLY not in the least bit prepared for what that really means.

    And for the record, if I am going to be called pompous, I've been building, repairing, programming etc even longer than 30 years...just not professionally. We could trade certifications now, too, if you like, but rest assured, I am not talking about you when I rant about format first and think later.
     
  19. mourningstar62 (Notebook Geek)

    To the people who don't believe that a system restore will get rid of a virus: PLEASE, go get a virus, do a system restore, then shed tears. Most viruses now run in memory, and what happens when you launch your restore, or hey, even load Windows? Yup, it gets loaded, and guess what, you just lost your system restore as well.
     
  20. gerryf19 (I am the walrus)

    To people who don't know to load their computer in safe mode and then run System Restore, shed tears for yourself.

    I said earlier and it bears repeating: most of the viruses out there right now are simple little programs that are designed to scare you into buying a bogus security software or utility.

    These are easy to kill most of the time, just the way I've described.

    We're not talking rootkits or keyloggers--viruses that are trying to hide from you so you do not remove them. We're talking garden-variety scareware that typically includes a single executable that loads after visiting a website with a cheap JavaScript.

    Hey, you want to pay me $75 to come clean your computer or *shudder* take your computer to a big box store where some A+ paper cert wipes out your computer, be my guest.
     
  21. Hungry Man (Notebook Virtuoso)

    Sheesh seeing a lot in this topic...

    You have another computer and a USB? If so you can pretty much remove any virus.

    Portable CCleaner:
    CCleaner - Builds

    Portable SUPERAntiSpyware:
    SUPERAntiSpyware.com - SUPERAntiSpyware Portable Scanner

    Run CCleaner on temp files and the registry (Gasp, a registry cleaner?!?!?! I don't need to hear it, they're useful for this) and delete what you find (make a backup), and then run SUPERAntiSpyware.

    Before you turn the computer off (probably too late now) and make things even harder make sure you follow the instructions already given to edit msconfig.

    It shouldn't be difficult to remove.
     
  22. truckertee (Newbie)

    Turn the power on and keep tapping the F8 key while Windows is booting. This will open your Safe Mode options. Choose "Safe Mode with Command Prompt". This is the only option you should use in this scenario. The reason? Because it doesn't start Windows Explorer - it opens a Windows CMD window - the black and spooky "DOS window". Have no fear.

    When the command window opens - and this can take some time, so be patient - you'll see something like C:\Windows\System32>

    When you see C:\Windows\System32> type rstrui.exe and press the Enter key.
    It may take 5 or 6 minutes before you see anything change. You'll see the Windows System Restore dialog appear. And when it does, you're almost home. Choose a restore point at least 48 hours prior to the time you started having problems and initiate a System Restore. It will take a few minutes and then your computer will reboot. When Windows boots, your rogue security program will be gone, no more popups, no more trouble - it will be like nothing ever happened.
    And the best thing is - you won't lose any emails, photos, music files, or documents, etc. The only thing you'll lose is any program(s) you've installed since the restore point you chose.

    This tip can be used for many other problems too. Safe Mode with Command Prompt does not even load the Windows shell - but it does load the Windows system files. The key is RSTRUI.EXE which you can access from Safe Mode with Command Prompt, and then go back in time like the problem you had never even happened.
    Like other posters have said, install Malwarebytes. It's the best free anti malware programme out there. Superantispyware free version is also a great tool.
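truckertee's rstrui.exe route leaves two things to the reader: noticing when System Restore has been switched off (gerryf19 warned that some of these infections do that) and picking the right restore point by eye. The Windows PowerShell 5.1 script below is an added example, not code from this thread, that does both: it checks the policy values that disable System Restore, lists the restore points with their timestamps, and selects the newest point that is still at least 48 hours before the symptoms began, then hands that point to Restore-Computer. The $SymptomStart value is an assumption you supply (the time Firefox first crashed, in the original poster's case). It runs from an elevated prompt, or from Safe Mode with Command Prompt by typing powershell at the C:\Windows\System32> prompt; Get-ComputerRestorePoint and Restore-Computer exist in Windows PowerShell only, not in PowerShell 7.

```powershell
# Added example (not from the thread). Windows PowerShell 5.1, elevated, or from
# "Safe Mode with Command Prompt" by starting powershell at the C:\ prompt.
# Save as Restore-BeforeInfection.ps1 and run with -SymptomStart '2011-02-18 20:00'.

param(
    # Assumption: when the trouble started; the restore point must predate it by 48 h.
    [datetime]$SymptomStart = (Get-Date).AddDays(-1)
)

# 1. Has the infection (or a policy) switched System Restore off?
$pol = 'HKLM:\SOFTWARE\Policies\Microsoft\Windows NT\SystemRestore'
if (Test-Path $pol) {
    $p = Get-ItemProperty -Path $pol
    if ([int]$p.DisableSR -eq 1) {
        Write-Warning 'System Restore is disabled by policy (DisableSR=1). Remove that value, run Enable-ComputerRestore -Drive C:\ and reboot before continuing.'
    }
    if ([int]$p.DisableConfig -eq 1) {
        Write-Warning 'System Restore configuration is locked by policy (DisableConfig=1).'
    }
}

# 2. List the restore points, oldest first. CreationTime is a WMI (DMTF) timestamp
#    string, so convert it to a DateTime before comparing.
$points = Get-ComputerRestorePoint | ForEach-Object {
    [pscustomobject]@{
        Seq     = $_.SequenceNumber
        Created = [System.Management.ManagementDateTimeConverter]::ToDateTime($_.CreationTime)
        Type    = $_.RestorePointType
        Desc    = $_.Description
    }
} | Sort-Object Created
$points | Format-Table -AutoSize

# 3. Newest point that is still at least 48 hours before the symptoms began.
$cutoff = $SymptomStart.AddHours(-48)
$target = $points | Where-Object { $_.Created -le $cutoff } | Select-Object -Last 1
if (-not $target) {
    Write-Warning "No restore point older than $cutoff. Fall back to cleaning the autostart entries by hand."
    return
}
Write-Host "Rolling back to restore point #$($target.Seq) from $($target.Created): $($target.Desc)"

# 4. Restore-Computer reboots the machine when it finishes; -Confirm is the last chance to abort.
Restore-Computer -RestorePoint $target.Seq -Confirm

# After the reboot, keep protection on and take a fresh, known-good point:
#   Enable-ComputerRestore -Drive 'C:\'
#   Checkpoint-Computer -Description 'post-cleanup baseline' -RestorePointType MODIFY_SETTINGS
```

The 48-hour margin is truckertee's figure, not a property of System Restore; if the only points older than that predate a Windows Update run, expect to reinstall those updates afterwards, which is the one side effect the post's "you won't lose any emails, photos..." line glosses over.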